Ryuk gang estimated to have made more than $150 million from ransomware attacks | ZDNet
Most of the Ryuk gang's "earnings" are being cashed out through accounts at crypto-exchanges Binance and Huobi.
Catalin Cimpanu
By Catalin Cimpanu for Zero Day | January 7, 2021 -- 19:22 GMT (19:22 GMT) | Topic: Security
dollar-money-rain.jpg
Image: QuinceCreative
The operators of the Ryuk ransomware are believed to have earned more than $150 million worth of Bitcoin from ransom payments following intrusions at companies all over the world.
SECURITY
The malware that usually installs ransomware and you need to remove right away
The malware that usually installs ransomware and you need to remove right away
If you see any of these malware strains on your enterprise networks, stop everything you're doing and audit all systems.
Read More
In a joint report published today, threat intel company Advanced Intelligence and cybersecurity firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed and linked to Ryuk ransomware attacks.
"Ryuk receives a significant amount of their ransom payments from a well-known broker that makes payments on behalf of the ransomware victims," the two companies said. "These payments sometimes amount to millions of dollars and typically run in the hundreds of thousands range."
AdvIntel and HYAS say the extorted funds are gathered in holding accounts, passed to money laundering services, and are then either funneled back into the criminal market and used to pay for other criminal services or are cashed out at real cryptocurrency exchanges.
But what the two companies have found odd was that while other ransomware groups typically used lesser-known exchanges to cash out funds, Ryuk converted Bitcoin into real fiat currency using accounts on two very well-established crypto-portals, such as Binance and Huobi, most likely using stolen identities.
ryuk-earnings.png
Image: AdvIntel
But today's joint AdvIntel and HYAS report also provides a more up-to-date figure in regards to Ryuk operations.
The last figure we had came from February 2020, when FBI officials spoke at the RSA security conference. At the time, the FBI said that Ryuk was, by far, the most profitable ransomware gang active on the scene, having made more than $61.26 million from ransom payments between February 2018 and October 2019, based on complaints received by the FBI Internet Crime Complaint Center.
fbi-rsa.png
Image: FBI
With today's report and the $150 million figure, it is clear that Ryuk has maintained its spot at the top, at least, for now.
Over the past year, other ransomware gangs, such as REvil, Maze, and Egregor, have also made a name for themselves and have also been very active, infecting hundreds of companies.
However, there haven't been any reports on the estimated sum these groups have made.
The latest such report came from security firm McAfee in August 2020 when the company published a report estimating that the Netwalker ransomware gang made around $25 million in ransom payments between March and August 2020
Catalin Cimpanu
By Catalin Cimpanu for Zero Day | January 7, 2021 -- 19:22 GMT (19:22 GMT) | Topic: Security
dollar-money-rain.jpg
Image: QuinceCreative
The operators of the Ryuk ransomware are believed to have earned more than $150 million worth of Bitcoin from ransom payments following intrusions at companies all over the world.
SECURITY
The malware that usually installs ransomware and you need to remove right away
The malware that usually installs ransomware and you need to remove right away
If you see any of these malware strains on your enterprise networks, stop everything you're doing and audit all systems.
Read More
In a joint report published today, threat intel company Advanced Intelligence and cybersecurity firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed and linked to Ryuk ransomware attacks.
"Ryuk receives a significant amount of their ransom payments from a well-known broker that makes payments on behalf of the ransomware victims," the two companies said. "These payments sometimes amount to millions of dollars and typically run in the hundreds of thousands range."
AdvIntel and HYAS say the extorted funds are gathered in holding accounts, passed to money laundering services, and are then either funneled back into the criminal market and used to pay for other criminal services or are cashed out at real cryptocurrency exchanges.
But what the two companies have found odd was that while other ransomware groups typically used lesser-known exchanges to cash out funds, Ryuk converted Bitcoin into real fiat currency using accounts on two very well-established crypto-portals, such as Binance and Huobi, most likely using stolen identities.
ryuk-earnings.png
Image: AdvIntel
But today's joint AdvIntel and HYAS report also provides a more up-to-date figure in regards to Ryuk operations.
The last figure we had came from February 2020, when FBI officials spoke at the RSA security conference. At the time, the FBI said that Ryuk was, by far, the most profitable ransomware gang active on the scene, having made more than $61.26 million from ransom payments between February 2018 and October 2019, based on complaints received by the FBI Internet Crime Complaint Center.
fbi-rsa.png
Image: FBI
With today's report and the $150 million figure, it is clear that Ryuk has maintained its spot at the top, at least, for now.
Over the past year, other ransomware gangs, such as REvil, Maze, and Egregor, have also made a name for themselves and have also been very active, infecting hundreds of companies.
However, there haven't been any reports on the estimated sum these groups have made.
The latest such report came from security firm McAfee in August 2020 when the company published a report estimating that the Netwalker ransomware gang made around $25 million in ransom payments between March and August 2020